[core] do not emit a warning for expected decryption errors
The only expected decryption error is a failure to decrypt the symmetric key used to encrypt the data. All other errors are critical and must be logged. Clients of lasso_node_decrypt_xmlnode can then log the decryption failure of the symmetric key if they have tried all possible keys (key rollover case).
parent
5957f3e230
commit
fd7af65e91
|
@ -1193,8 +1193,11 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa
|
|||
break;
|
||||
}
|
||||
lasso_foreach_full_end();
|
||||
|
||||
if (rc1) {
|
||||
if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) {
|
||||
message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey");
|
||||
at_least_one_decryption_failture |= TRUE;
|
||||
continue;
|
||||
} else if (rc1) {
|
||||
message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1));
|
||||
at_least_one_decryption_failture |= TRUE;
|
||||
continue;
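Review bot: The two branches starting at `if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED)` separate an EncryptedKey failure from every other decryption failure, and a comment should state that this distinction is for the log only. Both branches set `at_least_one_decryption_failture` and `continue`, so the visible code treats them identically; if a later change made the response sent to the peer depend on which branch ran, the service would reveal which decryption step failed, which XML Encryption consumers should avoid. Suggested comment above the `if`: `/* Both failure kinds must produce the same outcome for the peer; only the log text differs. */`. Since the bodies differ only in the message, they could also be merged into a single `if (rc1)` that just selects the log text. The key loop and the rest of the function lie outside this hunk.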
|
||||
|
|
|
@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
|||
xmlChar *algorithm = NULL;
|
||||
xmlSecKeyDataId key_type;
|
||||
GList *i = NULL;
|
||||
int rc = LASSO_DS_ERROR_DECRYPTION_FAILED;
|
||||
int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
|
||||
|
||||
if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
|
||||
message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
|
||||
|
@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);
|
||||
|
||||
/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
|
||||
encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
|
||||
|
||||
|
@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
|||
if (key_buffer != NULL) {
|
||||
sym_key = xmlSecKeyReadBuffer(key_type, key_buffer);
|
||||
}
|
||||
rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;
|
||||
if (sym_key == NULL) {
|
||||
message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
|||
|
||||
/* decrypt the EncryptedData */
|
||||
if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
|
||||
rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
|
||||
message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
|
||||
goto cleanup;
|
||||
}
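Review bot: In the hunk around the `sym_key == NULL` check, the line `rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;` (which appears to be the added line, replacing the removed warning) does not match the code the caller tests for, `rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED` in `_lasso_saml20_login_decrypt_assertion`. As far as the visible lines show, a failed EncryptedKey unwrap would therefore never reach the "expected error" branch and would be logged through the generic `else if (rc1)` path with an encryption error string; it should presumably read `rc = LASSO_DS_ERROR_DECRYPTION_FAILED;`. That value also remains in `rc` for any later `goto cleanup` that does not reassign it, so the intervening failure paths, which are outside these hunks, should be checked as well. Separately, `xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);` replaces the libxml2 generic error handler on every call and nothing visible restores the previous one; if that is intended, a short comment saying so would help.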
|
||||
|
|